07-31-2013 06:47 AM
Hi,
I have a server which listens on port 9000. Clients connects to ACE on port 443 as ssl connection.
How to configure ACE to send the request it receives on port 443 to port 9000 on server?
I have ssl offloading configured on ACE.
Users access https://extranet.abc.com/sonarringo and hits the ACE. ACE redirects client to https://extranet.abc.com/sonarringo which again hits ACE.
ACE sends the request to server on port 9000.But this is not working somehow.
When I see connection on ACE, i see return connection from server to ACE on port 443 and in INIT state whereas it should come on port 9000.
SSL offloading is working fine as other links on same website are working fine.
Below is the config..can anyone suggest?
probe tcp adc_ringodashboard
port 9000
interval 5
passdetect interval 5
connection term forced
rserver redirect adc_sonarringo-redir
webhost-redirection
https://extranet.abc.com/sonarringo/
inservice
rserver host adc_sonarringo
ip address 10.140.223.223
inservice
serverfarm host adc_sonarringo-fwd
probe adc_ringodashboard
rserver adc_sonarringo 9000
inservice
class-map type http loadbalance match-any adc_sonarringo-redir
2 match http url /sonarringo
class-map type http loadbalance match-any adc_sonarringo-fwd
2 match http url /sonarringo/*
3 match http url /sonarringo/.*
policy-map type loadbalance first-match ssl-extranet
class adc_sonarringo-redir
serverfarm adc_sonarringo-redir
class adc_sonarringo-fwd
serverfarm adc_sonarringo-fwd
policy-map multi-match external-lb
class ssl-extranet
loadbalance vip inservice
loadbalance policy ssl-extranet
loadbalance vip icmp-reply active
nat dynamic 1 vlan 368
appl-parameter http advanced-options case_param
ssl-proxy server extranet
parameter-map type http case_param This parameter is applied in multimatch policy.
case-insensitive
no persistence-rebalance
set header-maxparse-length 65535
set content-maxparse-length 65535
length-exceed continue
07-31-2013 04:07 PM
Nish,
Could you explain more in detail what you are trying to accomplish with this?
Currently what you have is something like this
https://extranet.abc.com/sonarringo ----> https://extranet.abc.com/sonarringo
But I think this may cause a loop
Please explain what you are looking for
Jorge
07-31-2013 09:07 PM
Hi Jorge,
Users connect to server with https://extranet.nl.capgemini.com/sonarringo which hits the ace and ace redirects clinet to https://extranet.nl.capgemini.com/sonarringo/ which eventually again hit the ACE and this time ACE matches another layer 7 class (adc_sonarringo-fwd) and passes the traffic to server. Server should reply back to client with webpage.
This config is converted from existing CSS configuration which was working fine with CSS and similar config works for other applications.
If I create a action list which converts http request header from extranet.nl.capgemini.com to extranet.nl.capgemini.com:9000, i can see connection established onn ACE and i see similar URL in client browser which i get wen directed connecting to site (header value changed) but still i cant see webpage properly.
07-31-2013 09:44 PM
Hi,
What I need to know what is the way to convert such SSL request to ports other than 80 as 9000 in my case without opening such ports on firewalll from outside world to my network?
I think Its something related to class map and reg ex.....
08-02-2013 04:07 AM
Hi,
The issue is resolved. Issue was with difference of behaviour between ACE and CSS.
In CSS, redirection link https://extranet.abc.com/sonarringo/ was enough to make it work but ACE required more detailed redirection link...https://extranet.abc.com/sonarringo/new/form ...After changing redirection string, it started working.
Thanks for help...
08-02-2013 05:37 AM
Nish,
It sounds great!
Jorge
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide